DDoS Attacks Hit NATO, Ukrainian Media Outlets

Multiple NATO and Ukrainian media websites were hit with distributed denial-of-service (DDoS) attacks over the weekend by a pro-Russia group calling itself Cyber Berkut (KiberBerkut). "DDoS attack on some #NATO sites ongoing but most services restored," NATO spokeswoman Oana Lungescu tweeted Sunday. "Integrity of NATO data & systems not affected. We continue working on it."

The DDoS attacks against NATO were launched after secretary general Anders Fogh Rasmussen -- a former prime minister of Denmark -- said Friday that NATO would not recognize the results of the planned "so-called referendum in Ukraine's Autonomous Republic of Crimea," on the grounds that it violated both the Ukrainian constitution and international law. "Holding this referendum would undermine international efforts to find a peaceful and political solution to the crisis in Ukraine," he said. "It would run counter to the principles of the United Nations Charter. It is vital that those principles be upheld."

But according to Cyber Berkut, the attacks were launched Saturday in response to a small delegation of NATO officials arriving in the Ukrainian capital of Kiev earlier this month. Cyber Berkut decried "the NATO occupation of our homeland" and also appeared to threaten citizens of NATO member countries. "If NATO cannot protect their resources, the protection of personal data of ordinary Europeans cannot be considered," the group said Sunday in a post to Pastebin.

In recent weeks, the group has also launched DDoS attacks against media sites that it has accused of purveying "fascist and nationalist propaganda," which apparently means not sufficiently pro-Russia. On Sunday, there were attacks against five general-interest Ukrainian media sites. Earlier this month, it also claimed to have blocked 700 mobile phones used by a Ukrainian neo-fascist junta.

Fascists are the straw men in a campaign being waged either by Ukrainians who want their country to become part of Russia, or by the Kremlin itself. Furthermore, related propaganda extends far beyond just one supposed hacktivist outfit.

"Cyber Berkut (@cyberberkut1) is not the only pro-Russia 'hacktivist' group working against Ukrainian independence," said Jeffrey Carr, CEO of Taia Global, in a blog post. "Anonymous Ukraine (@FreeUkraineAnon on Twitter) is another. In fact, they attacked the NATO Cooperative Cyber Defense Center of Excellence (CCDCOE) website back on November 7, 2013, as well as Estonia's Ministry of Defense website [where the CCDCOE is headquartered]."

But is Anonymous Ukraine composed of what might be described as regular members of the hacktivist collective, or has the hacktivist brand name simply been co-opted?

Last week, the state-backed Voice of Russia reported that Anonymous Ukraine had uncovered evidence that the US planned to invade the Ukraine. The report said that beginning this past Saturday, "[T]he United States, through its agents in Ukraine, will begin a series of false flag attacks on targets in Ukraine which have been designed to make it look as if they were carried out by the Special Forces of the Russian Federation."

The outlet also claimed that Anonymous Ukraine -- as part of Operation Independence -- had released a series of emails from the US Army assistant attaché Jason P. Gresh to a senior official of the General Staff of the Ukrainian Army named Igor Protsuyuk. In them, Gresh tells Protsuyuk, "Your job is to cause some problems to the transport hubs in the south-east in order to frame-up the neighbor. It will create favorable conditions for Pentagon and the Company to act. Do not waste time, my friend."

Carr ridiculed the supposed smoking gun. "I mean -- really? 'It will create favorable conditions for Pentagon' sounds remarkably like 'We don't need computer weapon to kill moose and squirrel,'" he said, referencing the cinematic masterpiece, The Adventures of Rocky and Bullwinkle. "Finding this was really the highlight of my night. I'm still laughing," he said.

What about the supposed involvement of Anonymous? "This is a textbook example of how Anonymous with its anarchist framework, We are all Anonymous, can be easily co-opted to support the political agenda of a nation state while appearing to be an opposition movement," said Carr.

That agenda appears to be a push by some parties to make at least Crimea a part of Russia. On that front, furthermore, the Sunday referendum decried by NATO went ahead. Mikhail Malishev, head of the government commission that oversaw the referendum, reported Monday that 97% of the votes that were cast -- with a turnout of 83% -- were for Crimea to become part of Russia. That said, according to some reports, many members of the region's large Muslim Tatar minority abstained from voting.

In response to the vote results, NATO said Monday that it still regards the referendum to be illegal and illegitimate, and that no members of the alliance will recognize the results. It also criticized "the rushed nature of the poll under conditions of military intervention and the restrictions on -- and the manipulation of -- the media, which precluded any possibility of free debate and deliberation and deprived the vote of any credibility."


Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.
